Disable an MFA device for a RAM user

If you no longer require a multi-factor authentication (MFA) device enabled for a Resource Access Management (RAM) user, or you want to change the type of the MFA device that is bound to a RAM user, you can disable the MFA device for the RAM user by using your Alibaba Cloud account or a RAM user that has administrative rights.

1. Log on to the RAM console by using your Alibaba Cloud account or a RAM user that has administrative rights.
   Note If a RAM user of your Alibaba Cloud account is allowed to manage its own MFA device, the RAM user can disable the MFA device in the RAM console. To disable an MFA device, perform the following operations: Move the pointer over the profile picture in the upper-right corner of the console and click Security Information Management. On the Virtual MFA Device tab of the page that appears, click Disable Virtual MFA Device. You can also click Disable U2F Security Key on the U2F Security Key tab.
2. In the left-side navigation pane, choose Identities > Users.
3. In the User Logon Name/Display Name column, click the username of the RAM user for which you want to disable an MFA device.
4. On the page that appears, click the Authentication tab.
   • On the tab, click the Virtual MFA Device tab and click Disable Virtual MFA Device. The virtual MFA device is disabled.
   • On the tab, click the U2F Security Key tab and click Disable U2F Security Key. The U2F security key is disabled.
5. Click OK.